[infinispan-issues] [JBoss JIRA] (ISPN-5790) AuthorizationManager rework
Tristan Tarrant (JIRA)
issues at jboss.org
Thu Sep 24 06:28:00 EDT 2015
[ https://issues.jboss.org/browse/ISPN-5790?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tristan Tarrant updated ISPN-5790:
----------------------------------
Status: Open (was: New)
> AuthorizationManager rework
> ---------------------------
>
> Key: ISPN-5790
> URL: https://issues.jboss.org/browse/ISPN-5790
> Project: Infinispan
> Issue Type: Task
> Reporter: Tristan Tarrant
> Assignee: Tristan Tarrant
> Fix For: 8.1.0.Final
>
>
> The AuthorizationManager has a few issues:
> - it is using the deprecated ClusterRegistry: it should use an internal cache instead
> - it stores per-cache subject ACLs globally, thus possibly returning incorrect ACL masks for a specific subject/cache pair
> Solve the above by introducing a GlobalSecurityManager which starts a global ACL cache and only cache the subject role mapping and not the masks.
> It would be useful if the AuthorizationManager also supported checking for a specific role in addition to a permission
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the infinispan-issues
mailing list